

Separate domain logon

By nicsou

I have an existing domain called and an existing domain called Both these domains run on illegal IP ranges. They both have NAT configured on the routers, and by adding a static route on a machine in domain1 I am able to ping an IP in domain2. The reason for this is so that users in domain2 can access terminal services in domain1. How in Windows 2000 Server do I get these domains to trust one another? When I try the trust it tells me it's non-transitive (one-way), and anyway I cannot view the other domain under Network Neighbourhood. Basically, what I want to be able to do is to allow users from domain1 to be able to go to domain2 and log onto domain1 as if they were in the office at domain1. What configurations do I still need to make? If you are unsure about my question, please mail me at . Where do I go to answer other people's questions?

Separate domain logon

by elmagoal, in reply to Separate domain logon

If all you want to do is have domain 2 users log on to the terminal server, put the terminal server outside the firewall. Anyone can see the terminal server, but only those authorized will log in. Make sure you get all security patches, for it will be attacked. If not, look at these articles: How to Determine Trust Relationship Configurations (Q228477) or How to Create a Trust Between a Windows 2000 Domain and a Windows NT 4.0 Domain (Q306733).


Separate domain logon

by XiaXiong, in reply to Separate domain logon

If both domains run on illegal (i.e., not set aside for internal networks) IP ranges, when you think you are pinging domain2 you may actually be pinging someone else entirely who has the legitimate IP address.

It looks like you are trying to establish a WAN between 2 different locations (as opposed to just 2 different domains on the same internal network). In this case, your problem is likely to be in your NAT and firewall settings.

The short answer is to make sure your internal networks have legal internal address ranges (such as or, make sure you have static addresses for your terminal services, and make sure any firewall you have passes the appropriate ports. (See MS Knowledge Base Article Q150543 for a list and description of these ports.)
